If you think nobody cares about GDPR…

If you think nobody cares about GDPR

Well you can bet Dixons Carphone do now!

The firm says there had been “an attempt to compromise” 5.9 million credit and debit cards last year, with 105,000 cards being leaked.

Dixons Carphone, the parent company which owns Currys PC World, Carphone Warehouse and Dixons Travel stores, has admitted a huge data breach involving the personal details of almost six million customers.

Dixons Carphone data breach

Dixons Carphone is investigating the attempted hack and said it had already informed the Information Commissioner’s Office (ICO), the Financial Conduct Authority as well as the police. It did add that there was “currently no evidence of any fraudulent use of the information.”

An ICO spokesperson said: “An incident involving Dixons Carphone has been reported to us and we are liaising with the National Cyber Security Centre, the Financial Conduct Authority and other relevant agencies to ascertain the details and impact on customers.

Beyond the 5.9 million cards, 1.2 million data records including names, addresses and email addresses of customers were also exposed in the Dixons Carphone breach and the company is contacting those whose non-financial data was accessed to inform, apologise, and offer advice on any protective steps they should take”.

Dixons Carphone data breach and GDPR

This data breach is the first major public leak to be announced since the introduction of GDPR in Europe.

Under these new, far-reaching regulations, companies can be fined up to a staggering €20 million, or 4% of global annual turnover (whichever is higher), if they are found to have failed to adhere to GDPR or suffer a data breach. In particular, a company must alert the authorities about a data breach within 72 hours of being made aware of it or face a fine of up to €10 million.

On top of this, they could potentially face a massive amount of claims from individuals whose data has been lost, now it’s a lot easier for individuals to make a claim against a company if they haven’t taken due care of their personal data.

OES provide companies with GDPR advice and consultancy. If reading this post makes you uneasy about your GDPR compliance or network security, give us a call on 01745 815516 to check your compliancy before it’s too late!